Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!think!ames!killer!dcs!wnp
From: wnp@dcs.UUCP (Wolf N. Paul)
Newsgroups: comp.os.minix
Subject: Re: Superuser
Message-ID: <284@dcs.UUCP>
Date: 30 Dec 88 12:33:54 GMT
References: <1971@questar.QUESTAR.MN.ORG> <2662@m2-net.UUCP>
Reply-To: wnp@dcs.UUCP (Wolf N. Paul)
Organization: DCS, Dallas, Texas
Lines: 22

In article <2662@m2-net.UUCP> mju@m-net.UUCP (Marc Unangst) writes:
|In article <1971@questar.QUESTAR.MN.ORG> jeff@questar.QUESTAR.MN.ORG (Jeff Holmes) writes:
|>	a state that when I type 'su' it made me root without
|>	asking for a password.  Logging out reset everything
|>	to normal.  Anyone had this happen before? The setuid
|>	bit is set (4755) and su is owned by root.
|		    ^^^^      ^^^^^^^^^^^^^^^^^^^
| I don't know if this is true for Minix, but for most Unixes, if su
| is executed as root, it doesn't ask for a password.  Thus, by making
| su SUID root, it is executing as root, and thus (thinking that you are
| root) doesn't ask for a password.

Actually, SU has to be SUID root, or it would not be able to make you root
even if you provided the password. That's where the distinction between the
real and effective UID and GID comes in.

SU runs with effective UID root, but should check your real UID before 
deciding whether to ask for the password.
-- 
Wolf N. Paul * 3387 Sam Rayburn Run * Carrollton TX 75007 * (214) 306-9101
UUCP:     killer!dcs!wnp                 ESL: 62832882
DOMAIN:   dcs!wnp@killer.dallas.tx.us    TLX: 910-380-0585 EES PLANO UD